Talos has added and modified multiple rules in the browser-ie, browser-plugins, file-other, malware-cnc, netbios and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2962.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:34919 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric ProClima ActiveX function call access (browser-plugins.rules)
* 1:34918 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric ProClima ActiveX clsid access (browser-plugins.rules)
* 1:34916 <-> DISABLED <-> NETBIOS SMB Corel PaintShop Pro u32zlib.dll dll-load exploit attempt (netbios.rules)
* 1:34909 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uipl.dll dll-load exploit attempt (file-other.rules)
* 1:34911 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro VC1DecDll.dll dll-load exploit attempt (file-other.rules)
* 1:34910 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uvipl.dll dll-load exploit attempt (file-other.rules)
* 1:34907 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uhDSPlay.dll dll-load exploit attempt (file-other.rules)
* 1:34908 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uhDSPlay.dll dll-load exploit attempt (file-other.rules)
* 1:34905 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uFioUtil.dll dll-load exploit attempt (file-other.rules)
* 1:34906 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uFioUtil.dll dll-load exploit attempt (file-other.rules)
* 1:34903 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro MSPStyleLib.dll dll-load exploit attempt (file-other.rules)
* 1:34904 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro MSPStyleLib.dll dll-load exploit attempt (file-other.rules)
* 1:34901 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro igfxcmrt32.dll dll-load exploit attempt (file-other.rules)
* 1:34902 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro ipl.dll dll-load exploit attempt (file-other.rules)
* 1:34899 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro wacommt.dll dll-load exploit attempt (file-other.rules)
* 1:34900 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro igfxcmrt32.dll dll-load exploit attempt (file-other.rules)
* 1:34897 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro TD_Mgd_3.08_9.dll dll-load exploit attempt (file-other.rules)
* 1:34898 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro wacommt.dll dll-load exploit attempt (file-other.rules)
* 1:34895 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro FxManagedCommands dll-load exploit attempt (file-other.rules)
* 1:34896 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro TD_Mgd_3.08_9.dll dll-load exploit attempt (file-other.rules)
* 1:34893 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro quserex.dll dll-load exploit attempt (file-other.rules)
* 1:34894 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro FxManagedCommands dll-load exploit attempt (file-other.rules)
* 1:34892 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro quserex.dll dll-load exploit attempt (file-other.rules)
* 1:34891 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro u32Zlib.dll dll-load exploit attempt (file-other.rules)
* 1:34889 <-> DISABLED <-> SERVER-OTHER OpenSSL denial-of-service via crafted x.509 certificate attempt (server-other.rules)
* 1:34890 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro u32ZLib.dll dll-load exploit attempt (file-other.rules)
* 1:34887 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sojax variant outbound connection (malware-cnc.rules)
* 1:34888 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sojax variant outbound connection (malware-cnc.rules)
* 1:34885 <-> DISABLED <-> BROWSER-PLUGINS Samsung iPOLiS device manager clsid access attempt (browser-plugins.rules)
* 1:34886 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
* 1:34883 <-> DISABLED <-> SERVER-WEBAPP Arcserve Unified Data Protection reportFileServlet directory traversal attempt (server-webapp.rules)
* 1:34884 <-> DISABLED <-> BROWSER-PLUGINS Samsung iPOLiS device manager clsid access attempt (browser-plugins.rules)
* 1:34881 <-> DISABLED <-> SERVER-WEBAPP Arcserve Unified Data Protection reportFileServlet directory traversal attempt (server-webapp.rules)
* 1:34882 <-> DISABLED <-> SERVER-WEBAPP Arcserve Unified Data Protection reportFileServlet directory traversal attempt (server-webapp.rules)
* 1:34879 <-> DISABLED <-> SERVER-WEBAPP Arcserve Unified Data Protection export servlet directory traversal attempt (server-webapp.rules)
* 1:34880 <-> DISABLED <-> SERVER-WEBAPP Arcserve Unified Data Protection export servlet directory traversal attempt (server-webapp.rules)
* 1:34877 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Jemerr variant outbound connection (malware-cnc.rules)
* 1:34878 <-> DISABLED <-> SERVER-WEBAPP Arcserve Unified Data Protection export servlet directory traversal attempt (server-webapp.rules)
* 1:34875 <-> DISABLED <-> SERVER-WEBAPP ManageEngine EventLog Analyzer cross site request forgery attempt (server-webapp.rules)
* 1:34876 <-> ENABLED <-> MALWARE-CNC Win.Fudu outbound variant connection (malware-cnc.rules)
* 1:34873 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
* 1:34874 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
* 1:34872 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Compfolder variant outbound connection attempt (malware-cnc.rules)
* 1:34915 <-> DISABLED <-> NETBIOS SMB Corel PaintShop Pro quserex.dll dll-load exploit attempt (netbios.rules)
* 1:34914 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro VC1DecDll_SSE3.dll dll-load exploit attempt (file-other.rules)
* 1:34921 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric ProClima ActiveX function call access (browser-plugins.rules)
* 1:34922 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric ProClima ActiveX function call access (browser-plugins.rules)
* 1:34923 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric ProClima ActiveX function call access (browser-plugins.rules)
* 1:34920 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric ProClima ActiveX clsid access (browser-plugins.rules)
* 1:34917 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Critroni certificate exchange (malware-cnc.rules)
* 1:34912 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro VC1DecDll.dll dll-load exploit attempt (file-other.rules)
* 1:34913 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro VC1DecDll_SSE3.dll dll-load exploit attempt (file-other.rules)
* 1:32246 <-> DISABLED <-> BROWSER-PLUGINS Samsung iPOLiS device manager clsid access attempt (browser-plugins.rules)
* 1:32245 <-> DISABLED <-> BROWSER-PLUGINS Samsung iPOLiS device manager clsid access attempt (browser-plugins.rules)
* 1:29325 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Horsamaz outbound communication (malware-cnc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2972.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:34910 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uvipl.dll dll-load exploit attempt (file-other.rules)
* 1:34911 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro VC1DecDll.dll dll-load exploit attempt (file-other.rules)
* 1:34909 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uipl.dll dll-load exploit attempt (file-other.rules)
* 1:34908 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uhDSPlay.dll dll-load exploit attempt (file-other.rules)
* 1:34907 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uhDSPlay.dll dll-load exploit attempt (file-other.rules)
* 1:34905 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uFioUtil.dll dll-load exploit attempt (file-other.rules)
* 1:34906 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uFioUtil.dll dll-load exploit attempt (file-other.rules)
* 1:34903 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro MSPStyleLib.dll dll-load exploit attempt (file-other.rules)
* 1:34904 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro MSPStyleLib.dll dll-load exploit attempt (file-other.rules)
* 1:34901 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro igfxcmrt32.dll dll-load exploit attempt (file-other.rules)
* 1:34902 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro ipl.dll dll-load exploit attempt (file-other.rules)
* 1:34899 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro wacommt.dll dll-load exploit attempt (file-other.rules)
* 1:34900 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro igfxcmrt32.dll dll-load exploit attempt (file-other.rules)
* 1:34897 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro TD_Mgd_3.08_9.dll dll-load exploit attempt (file-other.rules)
* 1:34898 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro wacommt.dll dll-load exploit attempt (file-other.rules)
* 1:34895 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro FxManagedCommands dll-load exploit attempt (file-other.rules)
* 1:34896 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro TD_Mgd_3.08_9.dll dll-load exploit attempt (file-other.rules)
* 1:34893 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro quserex.dll dll-load exploit attempt (file-other.rules)
* 1:34894 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro FxManagedCommands dll-load exploit attempt (file-other.rules)
* 1:34891 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro u32Zlib.dll dll-load exploit attempt (file-other.rules)
* 1:34892 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro quserex.dll dll-load exploit attempt (file-other.rules)
* 1:34889 <-> DISABLED <-> SERVER-OTHER OpenSSL denial-of-service via crafted x.509 certificate attempt (server-other.rules)
* 1:34890 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro u32ZLib.dll dll-load exploit attempt (file-other.rules)
* 1:34888 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sojax variant outbound connection (malware-cnc.rules)
* 1:34886 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
* 1:34887 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sojax variant outbound connection (malware-cnc.rules)
* 1:34884 <-> DISABLED <-> BROWSER-PLUGINS Samsung iPOLiS device manager clsid access attempt (browser-plugins.rules)
* 1:34885 <-> DISABLED <-> BROWSER-PLUGINS Samsung iPOLiS device manager clsid access attempt (browser-plugins.rules)
* 1:34883 <-> DISABLED <-> SERVER-WEBAPP Arcserve Unified Data Protection reportFileServlet directory traversal attempt (server-webapp.rules)
* 1:34881 <-> DISABLED <-> SERVER-WEBAPP Arcserve Unified Data Protection reportFileServlet directory traversal attempt (server-webapp.rules)
* 1:34882 <-> DISABLED <-> SERVER-WEBAPP Arcserve Unified Data Protection reportFileServlet directory traversal attempt (server-webapp.rules)
* 1:34880 <-> DISABLED <-> SERVER-WEBAPP Arcserve Unified Data Protection export servlet directory traversal attempt (server-webapp.rules)
* 1:34879 <-> DISABLED <-> SERVER-WEBAPP Arcserve Unified Data Protection export servlet directory traversal attempt (server-webapp.rules)
* 1:34877 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Jemerr variant outbound connection (malware-cnc.rules)
* 1:34878 <-> DISABLED <-> SERVER-WEBAPP Arcserve Unified Data Protection export servlet directory traversal attempt (server-webapp.rules)
* 1:34875 <-> DISABLED <-> SERVER-WEBAPP ManageEngine EventLog Analyzer cross site request forgery attempt (server-webapp.rules)
* 1:34876 <-> ENABLED <-> MALWARE-CNC Win.Fudu outbound variant connection (malware-cnc.rules)
* 1:34873 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
* 1:34874 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
* 1:34872 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Compfolder variant outbound connection attempt (malware-cnc.rules)
* 1:34923 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric ProClima ActiveX function call access (browser-plugins.rules)
* 1:34922 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric ProClima ActiveX function call access (browser-plugins.rules)
* 1:34921 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric ProClima ActiveX function call access (browser-plugins.rules)
* 1:34920 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric ProClima ActiveX clsid access (browser-plugins.rules)
* 1:34919 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric ProClima ActiveX function call access (browser-plugins.rules)
* 1:34918 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric ProClima ActiveX clsid access (browser-plugins.rules)
* 1:34917 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Critroni certificate exchange (malware-cnc.rules)
* 1:34916 <-> DISABLED <-> NETBIOS SMB Corel PaintShop Pro u32zlib.dll dll-load exploit attempt (netbios.rules)
* 1:34915 <-> DISABLED <-> NETBIOS SMB Corel PaintShop Pro quserex.dll dll-load exploit attempt (netbios.rules)
* 1:34914 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro VC1DecDll_SSE3.dll dll-load exploit attempt (file-other.rules)
* 1:34913 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro VC1DecDll_SSE3.dll dll-load exploit attempt (file-other.rules)
* 1:34912 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro VC1DecDll.dll dll-load exploit attempt (file-other.rules)
* 1:32245 <-> DISABLED <-> BROWSER-PLUGINS Samsung iPOLiS device manager clsid access attempt (browser-plugins.rules)
* 1:32246 <-> DISABLED <-> BROWSER-PLUGINS Samsung iPOLiS device manager clsid access attempt (browser-plugins.rules)
* 1:29325 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Horsamaz outbound communication (malware-cnc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2973.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:34923 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric ProClima ActiveX function call access (browser-plugins.rules)
* 1:34922 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric ProClima ActiveX function call access (browser-plugins.rules)
* 1:34921 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric ProClima ActiveX function call access (browser-plugins.rules)
* 1:34920 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric ProClima ActiveX clsid access (browser-plugins.rules)
* 1:34919 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric ProClima ActiveX function call access (browser-plugins.rules)
* 1:34918 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric ProClima ActiveX clsid access (browser-plugins.rules)
* 1:34917 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Critroni certificate exchange (malware-cnc.rules)
* 1:34916 <-> DISABLED <-> NETBIOS SMB Corel PaintShop Pro u32zlib.dll dll-load exploit attempt (netbios.rules)
* 1:34915 <-> DISABLED <-> NETBIOS SMB Corel PaintShop Pro quserex.dll dll-load exploit attempt (netbios.rules)
* 1:34914 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro VC1DecDll_SSE3.dll dll-load exploit attempt (file-other.rules)
* 1:34913 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro VC1DecDll_SSE3.dll dll-load exploit attempt (file-other.rules)
* 1:34912 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro VC1DecDll.dll dll-load exploit attempt (file-other.rules)
* 1:34911 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro VC1DecDll.dll dll-load exploit attempt (file-other.rules)
* 1:34910 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uvipl.dll dll-load exploit attempt (file-other.rules)
* 1:34909 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uipl.dll dll-load exploit attempt (file-other.rules)
* 1:34908 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uhDSPlay.dll dll-load exploit attempt (file-other.rules)
* 1:34907 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uhDSPlay.dll dll-load exploit attempt (file-other.rules)
* 1:34906 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uFioUtil.dll dll-load exploit attempt (file-other.rules)
* 1:34905 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uFioUtil.dll dll-load exploit attempt (file-other.rules)
* 1:34904 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro MSPStyleLib.dll dll-load exploit attempt (file-other.rules)
* 1:34903 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro MSPStyleLib.dll dll-load exploit attempt (file-other.rules)
* 1:34902 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro ipl.dll dll-load exploit attempt (file-other.rules)
* 1:34901 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro igfxcmrt32.dll dll-load exploit attempt (file-other.rules)
* 1:34900 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro igfxcmrt32.dll dll-load exploit attempt (file-other.rules)
* 1:34899 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro wacommt.dll dll-load exploit attempt (file-other.rules)
* 1:34898 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro wacommt.dll dll-load exploit attempt (file-other.rules)
* 1:34897 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro TD_Mgd_3.08_9.dll dll-load exploit attempt (file-other.rules)
* 1:34896 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro TD_Mgd_3.08_9.dll dll-load exploit attempt (file-other.rules)
* 1:34895 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro FxManagedCommands dll-load exploit attempt (file-other.rules)
* 1:34894 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro FxManagedCommands dll-load exploit attempt (file-other.rules)
* 1:34893 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro quserex.dll dll-load exploit attempt (file-other.rules)
* 1:34892 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro quserex.dll dll-load exploit attempt (file-other.rules)
* 1:34891 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro u32Zlib.dll dll-load exploit attempt (file-other.rules)
* 1:34890 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro u32ZLib.dll dll-load exploit attempt (file-other.rules)
* 1:34889 <-> DISABLED <-> SERVER-OTHER OpenSSL denial-of-service via crafted x.509 certificate attempt (server-other.rules)
* 1:34888 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sojax variant outbound connection (malware-cnc.rules)
* 1:34887 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sojax variant outbound connection (malware-cnc.rules)
* 1:34886 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
* 1:34885 <-> DISABLED <-> BROWSER-PLUGINS Samsung iPOLiS device manager clsid access attempt (browser-plugins.rules)
* 1:34884 <-> DISABLED <-> BROWSER-PLUGINS Samsung iPOLiS device manager clsid access attempt (browser-plugins.rules)
* 1:34883 <-> DISABLED <-> SERVER-WEBAPP Arcserve Unified Data Protection reportFileServlet directory traversal attempt (server-webapp.rules)
* 1:34882 <-> DISABLED <-> SERVER-WEBAPP Arcserve Unified Data Protection reportFileServlet directory traversal attempt (server-webapp.rules)
* 1:34881 <-> DISABLED <-> SERVER-WEBAPP Arcserve Unified Data Protection reportFileServlet directory traversal attempt (server-webapp.rules)
* 1:34880 <-> DISABLED <-> SERVER-WEBAPP Arcserve Unified Data Protection export servlet directory traversal attempt (server-webapp.rules)
* 1:34879 <-> DISABLED <-> SERVER-WEBAPP Arcserve Unified Data Protection export servlet directory traversal attempt (server-webapp.rules)
* 1:34878 <-> DISABLED <-> SERVER-WEBAPP Arcserve Unified Data Protection export servlet directory traversal attempt (server-webapp.rules)
* 1:34877 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Jemerr variant outbound connection (malware-cnc.rules)
* 1:34876 <-> ENABLED <-> MALWARE-CNC Win.Fudu outbound variant connection (malware-cnc.rules)
* 1:34875 <-> DISABLED <-> SERVER-WEBAPP ManageEngine EventLog Analyzer cross site request forgery attempt (server-webapp.rules)
* 1:34874 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
* 1:34873 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
* 1:34872 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Compfolder variant outbound connection attempt (malware-cnc.rules)
* 1:32246 <-> DISABLED <-> BROWSER-PLUGINS Samsung iPOLiS device manager clsid access attempt (browser-plugins.rules)
* 1:29325 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Horsamaz outbound communication (malware-cnc.rules)
* 1:32245 <-> DISABLED <-> BROWSER-PLUGINS Samsung iPOLiS device manager clsid access attempt (browser-plugins.rules)